PoPToP, a Secure and Free VPN Solution

When the expense of a remote access server is no longer attractive, it's time to look at the solution offered by a VPN.

Traditionally, remote access for
employees has been through dedicated lines or a remote access
server (RAS). A RAS typically consists of a collection of modems
and telephone lines connected to a central machine. RAS can be
quite reliable and secure, but it is expensive in its setup and
long-distance-call costs. A Virtual Private Network (VPN) offers a
secure, flexible and cheap solution in place of RAS and dedicated
lines. PoPToP, the PPTP (point-to-point tunneling protocol) VPN
solution for Linux, is a free VPN solution that businesses can take
advantage of now.

VPN

A virtual private network is a private network capable of
communicating over the public Internet infrastructure with a
defined level of security. VPNs can exist between two or more
private networks, often referred to as a server-server VPN, or
between individual client machines and private networks, often
referred to as a client-server VPN (see Figure 1). VPNs overcome
the need for expensive dedicated lines or RAS dial in call and
setup costs.

Figure 1. Example Client-Server VPN

In Figure 1, the remote client is handed a real IP address
from their local ISP. This remote client can log into the VPN
server, and hence gain access to the private network behind the
firewall. The remote client can then browse and use other network
services on the private network as if it were a machine on that
network.

VPNs may also exist between multiple private networks
(server-server VPN). For example, suppose your company has an
R&D office in Australia and a sales and marketing office in the
United States. Both locations have private networks that are
connected to the Internet (the method, modem, DSL or something
else, is transparent to the VPN). Traditionally, if the offices
wish to share files on their networks, they would either have to
e-mail the files to each other, dial in to each other or have some
form of dedicated link between them. VPNs offer a cost-effective
solution for joining these two networks seamlessly, without
compromising system security.

Different Types of VPNs

The most popular VPN technologies available today are PPTP
and IPsec. Much debate and analysis has occurred recently between
proponents of these competing VPN technologies. Both PPTP and IPsec
have an important role to play in VPN solutions. But neither PPTP
nor IPsec is without flaws.

PPTP is an open-documented standard published by the Internet
Engineering Task Force (IETF) as RFC 2637, available at
ftp.ietf.org/rfc/rfc2637.txt.

The operation of PPTP as a VPN is performed by encapsulating
the point-to-point protocol (PPP) in IP and tunneling it through an
IP network. All communication, authentication and encryption is
handled almost exclusively by PPP, which currently supports PAP,
CHAP, MSCHAP and MSCHAPv2 authentication. PPP encryption is
performed through compressor modules, and available patches under
Linux allow PPP to support RC4-compatible 40-128-bit encryption.
Some people make the mistake of assuming that since PPTP uses PPP,
you need a modem. This is not the case. In fact, the connection
mechanism to the IP network is transparent to PPTP.

PPTP is widely deployed in both client and server forms due
to its default existence in Microsoft Windows platforms.

IPsec

IPsec is a new series of authentication and encryption
security protocols that can be employed for sending data securely
over IP networks. IPsec offers encryption, authentication,
integrity and replay protection to network traffic. IPsec also
specifies a key management protocol for establishing encryption
keys. IPsec, like PPTP, is an open standard developed by the
IETF.

PPTP vs. IPsec

PPTP is transparent to the authentication and encryption
mechanism. Microsoft's version of PPTP was recently upgraded to
include MSCHAPv2 and MPPE-enhanced (and more secure) security
protocols. Patches are available for the Linux PPP daemon that
allow PPTP solutions such as PoPToP to take advantage of
Microsoft's enhanced VPN security.

Bruce Schneier, Chief Technical Officer of Counterpane
Internet Security, Inc., and perhaps the chief guru of Internet
security, recently analyzed Microsoft's MSCHAPv2 and MPPE security
protocols. Schneier concluded that this release of MSCHAPv2 from
Microsoft addressed the major security weaknesses found in
MSCHAP.

IPsec was also recently analyzed by Schneier (with the help
of Niels Ferguson). In their analysis, they concluded that IPsec's
complexity effectively makes it impossible to implement a secure
solution. They believe IPsec will never result in a secure
operational system. They emphasize that although IPsec has its
flaws, it is a more secure solution than PPTP.

IPsec remains a new technology, and future improvements are
sure to enhance its security further and increase its
attractiveness to business. Additionally, with its default presence
in Windows 2000, IPsec will offer small to medium-sized businesses
a more secure and affordable solution.

Comment viewing options

This is the best free VPN I came across while I was in China. Very fast and reliable. http://ugotfile.com/file/1915100/witopia.exe It's Chinese, the first button means ON, the bottom button is OFF. It works in IE and in Firefox (you need to set HTTP/HTTPS proxy in Firefox to 127.0.0.1 port 1234 or alternatively you can tell Firefox to use system proxy). Enjoy !

If you love blogging then I am sure you heard about proxy . There are many companies offering you some protection service for your data in the online world. Make sure that you choose the trustable company for it so you can safe your data

I've now employed Hamachi as well and ditched the problematic MS VPN solution.
There would be miss dials, I'd have to restart the
"Routing and Remote Access" service sometimes as well as power cycle the modem.
Now I have no issues. Install Hamachi on the client pc's and set their
hosts file up and all is well. The notebook users benefit as well.
Hamachi is intelligent and knows when to use the
Local Area Network to peer when it can.
When remote and there is an internet connect a route is found via the net.
Hamchi - it just works - it's great!!!

Virtual Private Network proxy has become a much promising service for the most pat of the Internet users. The used shared network infrastructure lets a secure access between 2 networks. Thus the user is being able to securely connect remotely to his corporate network. Fantastic! I adore it!